How to bypass an Android smartphone’s encryption and security: Put it in the freezer

Security researchers at the University of Erlangen-Nuremberg in Germany have shown that they can extract photos, browsing history, and contact lists from Android smartphones, even when the phone is locked and its storage is encrypted. Their tool, called FROST, has been open-sourced and is reasonably easy to use if you want to replicate the results. There is a caveat, though: as the name suggests, you need to put the phone in the freezer first.

The attack used by Tilo Müller, Michael Spreitzenbarth, and Felix Freiling is known as a cold boot attack. A cold boot (or hard boot) restarts a system by cutting its power completely and then turning it back on. During an orderly shutdown or warm reboot, the operating system gets a chance to clean up: encrypted volumes are unmounted and their keys are wiped from memory, and on some systems firmware clears RAM when it starts up. A cold boot skips the operating system's cleanup entirely, so whatever was in RAM at the moment power was cut, including any encryption keys in use, is still there when the device comes back up, as long as the memory has not lost it in the meantime.

Six successive RAM dumps from a Galaxy Nexus, as its RAM slowly loses data integrity.

“But RAM is volatile,” you protest. “RAM loses its data as soon as power is cut,” you plead. To an extent, you are right: DRAM is volatile, and its cells have to be refreshed periodically to retain their contents. When power is cut, though, the contents do not vanish instantly; it takes seconds, or at low temperatures minutes, for the data to decay, and the decay is gradual, so a dump taken partway through still contains much of the original data. If you have some way of reading the RAM during that window, you can extract all sorts of sensitive information, most notably the key used to encrypt the local hard drive or flash storage. This property is called data remanence, and the same term covers the tendency of hard drives and other magnetic media to retain traces of data after it has been deleted or overwritten.

Reading the RAM is the hard part. With a desktop or laptop, you can pull the memory module out and read it in another machine. With an embedded device such as a smartphone, the RAM is soldered in, so you don’t have that option, which is where FROST (Forensic Recovery Of Scrambled Telephones) comes in. In short, FROST is an Android recovery image, much like ClockworkMod, that is booted immediately after the cold boot and gives you access to whatever is still in RAM. From the main FROST menu, you can attempt to recover the full-disk encryption (FDE) key from RAM, which is found by scanning for the expanded AES key schedule that the kernel keeps in memory while the encrypted partition is mounted, or simply dump the entire contents of RAM over USB to another PC for further analysis. One practical caveat: FROST has to be flashed to the phone’s recovery partition, which requires an unlocked bootloader, and unlocking the bootloader of a Galaxy Nexus wipes the user data partition. The attack is therefore strongest against a phone whose bootloader is already unlocked; on a locked phone, the researchers could still dump data that was resident in RAM, but a recovered FDE key has nothing left to decrypt.

Now, as we mentioned, it can take anywhere from a few seconds to a few minutes for RAM to lose its data. One of the variables behind that range is temperature: the colder the RAM, the longer it holds its contents. The 2008 Princeton cold boot paper [PDF] that introduced the technique reported that modules submerged in liquid nitrogen retained their contents with almost no decay, and suggested the data could survive for up to a week. In this case, the researchers placed a Samsung Galaxy Nexus in a freezer for about an hour, until the phone’s internal temperature dropped to 10C (50F). Then, by removing and reinserting the battery in under 500 milliseconds and booting straight into FROST, they were able to make a complete dump of the phone’s RAM. Without the freezer, the phone’s RAM loses its data in well under a second, before the recovery image can read it.

While FROST is notable as the first successful cold boot attack demonstrated on Android, it is only the latest in a long line of cold boot attack tools. In a world where full disk encryption is becoming the norm rather than the exception, the ability to recover encryption keys from memory is of vital importance to the FBI and to law enforcement and intelligence agencies around the world. It is now standard practice for some police forces to make sure that computers are not turned off during raids until they have been scanned for encryption keys and any other data that might still be in RAM. The attack has a corresponding limitation: the FDE key is only in RAM while the phone is running with its encrypted partition mounted, so a phone that has been fully powered off (not merely screen-locked) has nothing to recover, and a locked bootloader makes flashing FROST costly, as noted above. There are also defenses against cold boot attacks, such as keeping encryption keys out of RAM altogether and holding them in CPU registers instead, an approach Müller has worked on for x86 systems, but for now Android at least remains vulnerable.